Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity
The results of our latest survey on mobile cybersecurity in K-12 and hospitals are in--and it's not all peaches and roses. When we talk about endpoint protection, it's only natural to think only about the most commonly compromised endpoints like work laptops and servers--but your smartphone isn't of...
University suffers leaks, shutdowns at the hands of Vice Society
The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware laden hands up and admitted an attack on the University of Duisberg-Essen. Sadly this isn't the University's first encounter with...
Apple's AirTag stalker safeguards are "woefully inadequate," alleges lawsuit
Two women filed a proposed class-action lawsuit on Monday, December 5, in the United States District Court for the Northern District of California against Apple, the makers of AirTags. AirTags are small Bluetooth-enabled devices designed to track personal belongings. The suit accuses the compan...
Hundreds of Microsoft SQL servers found to be backdoored
Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...
Ransomware review: July 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...
SonicWall urges customers to patch critical SQL injection bug ASAP
Cybersecurity hardware company SonicWall recently released a public security notice about a critical SQL injection flaw affecting its GMS (Global Management System) and Analytics On-Prem products. The flaw, which is tracked as CVE-2022-22280, is given a 9.4 critical rating. With the high capabili...
Rogue cryptocurrency billboards go phishing for wallets
Billboards and digital real-world advertising have raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been mostly legal, yet potentially objectionable geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send...
DFSCoerce, a new NTLM relay attack, can take control over a Windows domain
A researcher has published a Proof-of-Concept (PoC) for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain. Active Directory A directory service is a hierarchical arrangement of objects...
Car owners warned of another theft-enabling relay attack
Tesla owners are no strangers to seeing reports of cars being tampered with outside of their control. Back in 2021, a zero-click exploit aided a drone in taking over the car's entertainment system. In 2016, we had a brakes and doors issue. 2020 saw people rewriting key-fob firmware via Bluetooth...
Elden Ring exploit traps players in infinite death loop
Back in January, we wrote about how the Dark Souls games had their online components switched off for PC gamers. This is because someone figured out how to execute code remotely on the target’s PC. Given that the multiplayer angle of Souls games is rather important, this was quite a body blow for...
HBO sued for sharing subscriber data with Facebook
HBO Max subscribers Angel McDaniel and Constance Simon filed a class-action lawsuit against HBO on Tuesday, alleging that the company has violated their privacy by sharing subscriber viewing data with Facebook. Bursor & Fisher filed the case on behalf of McDaniel and Simon. According to case...
Update now! Cisco fixes several vulnerabilities
Cisco has released a security advisory about two vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The flaws could allow an authenticated, remote attacker with read/write privileges to the application t...
FBI warns of bogus job postings on recruitment sites
Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now into February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that it's issued an alert. This isn’t your typica...
How a few PhD students revealed that phishing trainings might just not work: Lock and Code S03E03
You've likely fallen for it before—a simulated test sent by your own company to determine whether or not its employees are vulnerable to one of the most pernicious online threats today: phishing. Phishing has evolved in recent history, and as scammers have rolled out increasingly clever—and...
Logistics giant warns of scams following ransomware attack
German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to doubl...
New law will issue bans, fines for using default passwords on smart devices
The idea of connecting your entire home to the internet was once a mind-blowing concept. Thanks to smart devices, that concept is now a reality. However, this technological advancement aimed at making our lives more convenient—not to mention very cool and futuristic!—has also opened a wide door f...
Bogus JS libraries become sustained ransomware threat for Roblox gamers
If your kids play Roblox, you may wish to warn them of ransomware perils snapping at their heels. A very smart and determined attack has been taking place for a little while now. Although initially dismissed as a form of prank, the developers under fire now disagree. Whether prank or malicious...
We dig into the Game Players Code
Gaming security is getting a lot of attention at the moment. Rightly so; it’s a huge target for scammers and malware authors. Malicious ads, fake games, survey scams, phishing attacks…whatever you can think of, it’s in use. Some target kids and steal their accounts, selling them on. Others go aft...
Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache
Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue. ...
Adblocker promises to block ads, injects them instead
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores. While disguising your adware as an adblocker may seem counterintuitive, it is actually ...
Google warns some users that FancyBear’s been prowling around
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of Google services. Some 14,000 people have been notified about a spear phish attempt looking to compromise accounts and access their files. When did this happen? Sometime late...
Does Cybersecurity Awareness Month actually improve security?
October is Cybersecurity Awareness Month, formerly known as National Cybersecurity Awareness Month. The idea is to raise awareness about cybersecurity, and provide resources for people to feel safer and more secure online. The month is a collaboration between the Cybersecurity and Infrastructure...
Microsoft, CISA and NSA offer security tools and advice, but will you take it?
Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN. These initiatives from major parties aim to help organizations assess and manage their security needs. But will they...
Largest DDoS attack ever reported gets hoovered up by Cloudflare
On the Cloudflare blog, the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. To put that number in perspective, the company reports that this is...
Fired by algorithm: The future’s here and it’s a robot wearing a white collar
Black Mirror meets 1984. Imagine that your employer uses a bot to keep track of your “production level.” And when this bot finds that you are an under-performer it fires off a contract-termination mail. Does this sound like the world you live in? Unfortunately, for some people it is. The case...
FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box
A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice Judge has revealed that the FBI were granted permission to perform some tech support backdoor removal. Bizarrely, they did this without...
Barcode Scanner app on Google Play infects 10 million users with one update
UPDATE: February 12, 2021 It has come to our attention that there is another bad actor in this story. Apparently, the original publisher, LAVABIRD LTD, is not the bad actor. It is instead an account under the name "The space team." Nevertheless, there is evidence that updates of Barcode Scanner b...
New Emotet delivery method spotted during downward detection trend
Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features. This revamped presentation could point to internal effor...
Chaos in a cup: When ransomware creeps into your smart coffee maker
When the fledgling concept of the Internet of Things (IoT) was beginning to excite the world almost a decade ago, perhaps no coffee lover at that time would've imagined including the coffee machine in the roster of internet-connected devices—even in jest. True, the simple, utilitarian coffee machine...
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service (IRS) announced they were pushing back the federal income tax filing due dat...
Cloud data protection: how to secure what you store in the cloud
The cloud has become the standard for data storage. Just a few years ago, individuals and businesses pondered whether or not they should move to the cloud. This is now a question of the past. Today, the question isn't whether to adopt cloud storage but rather how. Despite its rapid pace of...
Lock and Code S1Ep4: coronavirus and responding to computer viruses with Akshay Bhargava
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Akshay Bhargava, Chief Product Officer of Malwarebytes, about the similarities between coronavirus and computer viruses. We discuss computer virus...
Consumerization: a better way to answer cybersecurity challenges
A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: "The specific impact that consumer-originated technologies can have on enterprises." (Gartner) More and more, enterprises are coming to understand that they need to adopt the agile processes and product...
Why managed service providers (MSP) are critical for business continuity
With the threat landscape becoming more hostile to businesses, small- and medium-sized businesses (SMBs) are often finding it difficult to cope. Hence, they turn to managed service providers (MSPs) for help, not only to keep their businesses going—the concept known as business continuity—but also to...
A week in security (January 13 – 19)
Last week on Malwarebytes Labs, we taught you how to prevent a rootkit attack, explained what data enrichment means, informed you about new rules on deepfakes in the US, and demonstrated how backdoors in elastic servers expose private data. Other cybersecurity news: An online group of cybersecurit...
IoT bills and guidelines: a global response
You may not have noticed, but Internet of Things (IoT) rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are hopefully sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process...
When corporate communications look like a phish
Many organizations will spend significant sums of money on phishing training for employees. Taking the form of regular awareness training, or even simulated phishes to test employee awareness, this is a common practice at larger companies. However, even after training, a consistent baseline of...
A look inside the FBI’s 2018 IC3 online crime report
The FBI’s Internet Crime Complaint Center has released its annual Crime Report, with the most recent release focusing on 2018. While the contents may not surprise, it definitely cements some of the bigger threats to consumers and businesses—and not all of them are particularly high tech...
Are hackers gonna hack anymore? Not if we keep reusing passwords
Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...
Hancitor: fileless attack with a DLL copy trick
This article was authored by David Sánchez, Mickaël Roger, and Jérôme Segura. During the past few years, malicious spam campaigns have proven to be one of the most efficient infection vectors, in part due to a combination of social engineering and a regular number of Office vulnerabilities. The...
Free tools: Internet traffic monitoring
Are you an amateur analyst or security enthusiast looking for free tools to do some basic Internet traffic monitoring? You've come to the right place. Not everyone is versed in the use of robust tools like Wireshark even though it is worth the trouble of learning if you have to do network traffic...
The ‘AT&T breach’—what you need to know
Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for...
YouTube shows ads for ad blocker, financial scams
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are still some fundamental...
Okta breach happened after employee logged into personal Google account
Okta has revealed details about a recent breach which exposed files belonging to customers. As we explained in our article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the...
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...
Decoy dog toolkit plays the long game with Pupy RAT
Researchers at Infoblox have discovered a new toolkit being used in the wild called Decoy Dog. It targets enterprises, and has a fondness for deploying a remote access trojan called Pupy RAT. Activity from the RAT was first noticed earlier this month. Subsequent research revealed that it has been...
GitHub accidentally exposes RSA SSH key
Late last week, GitHub tweeted that it had replaced its RSA SSH key "out of an abundance of caution," after accidentally exposing the key on a publicly accessible repository. How the accidental exposure managed to happen is unknown, but it means that anyone who happened to notice it and was able to...
Jailbreaking ChatGPT and other large language models while we can
The introduction of ChatGPT launched an arms race between tech giants. The rush to be the first to incorporate a similar large language model (LLM) into their own offerings (read: search engines) may have left a lot of opportunities to bypass the active restrictions such as bias, privacy concerns, an...
Crypto-inspired Magecart skimmer surfaces via digital crime haven
This blog post was authored by Jerome Segura. Online criminals rarely reinvent the wheel, especially when they don't have to. From ransomware to password stealers, there are a number of toolkits available for purchase on various underground markets that allow just about anyone to get a jumpstart...
US agencies issue warning about DAIXIN Team ransomware
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint advisory about DAIXIN Team, a fledgling ransomware and data exfiltration group that has been targeting US healthcare. First spotted in June 2022, the DAIXIN Team...